[jcifs] A bug in 1.2.17 ?

Asaf Mesika asaf.mesika at gmail.com
Sun Nov 25 15:43:28 GMT 2007


I haven't found a bug-tracking system, so I'm posting a bug I found in
version 1.2.17:

This class constructor looks like this:

SmbComSessionSetupAndX( SmbSession session, ServerMessageBlock andx ) throws
SmbException {
        super( andx );
        command = SMB_COM_SESSION_SETUP_ANDX;
        this.session = session;
        this.auth = session.auth;
        if( auth.hashesExternal && *auth.challenge !=
session.transport.server.encryptionKey* ) {
            throw new SmbAuthException(

The following condition:
*auth.challenge != session.transport.server.encryptionKey

*checks for equality between two byte *arrays* .
The *bug:* The only thing checked here is that it's the same object, instead
of checking equality using Arrays.equals(byte[], byte[]).

Anybody can comment on that?

Thank you,

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list